Just days after a phishing scam was found to be circulating via email, SingPass has announced measures to tighten up security by introducing improved features as part of the enhanced SingPass. This will be launched on 5 July, the Infocomm Development Authority of Singapore (IDA) said yesterday.
SingPass currently serves about 64 government agencies, and allows residents access to more than 200 e-services that require secure user identification. And with the number of transactions in the millions — it was 57 million in 2013 — you can see why they have to level up.
The new and improved SingPass will implement a two-factor authentication (2FA) system for users to access important e-Government transactions that involve sensitive data. These include things like financial information via the Central Provident Fund, or employment details from the Ministry of Manpower.
This is how the 2FA works: a one-time password (OTP) will be sent out when a transaction occurs, in addition to the standard log in process that involves your SingPass user ID and password. The OTP will be sent via SMS or generated on a OneKey token. (A token and a PIN mailer password will be sent out to those who register for one.)
Users will have to register for 2FA by logging on to the SingPass website — it’s voluntary for now, but will be mandatory come next year. Those who fail to do so will be unable to gain access to the services covered by SingPass.
Some other enhancements include the option of customising your SingPass ID, instead of using the standard NRIC number. And for efficiency, users who have forgotten their passwords may reset it immediately using their mobile phones, as opposed to having to visit a SingPass counter or submitting an online request.
On to safer days, everyone.